- Btrfs on LUKS
- Burn LiveCD/LiveUSB with latest Arch ISO
- Boot from LiveCD/LiveUSB
- Download pacstrapit:
curl -k https://codeload.github.com/atweiden/{pacstrapit}/{tar.gz}/{0.0.21} -o "#1-#3.#2"
- Extract:
tar xvzf pacstrapit-0.0.21.tar.gz
- Customize variables
WARNING: failure to give appropriate values could cause catastrophic data loss and system instability.
Defaults:
Target partition | /dev/sda |
Type of processor | other |
Type of graphics card | Intel |
Type of hard drive | HDD |
Locale | en_US |
Keymap | us |
Timezone | America/Los_Angeles (PST) |
Root password | secret |
User name | live |
User password | secret |
LUKS name | luksroot |
LUKS password | secret |
Hostname | luksiso |
cd pacstrapit-0.0.21 && $EDITOR pacstrapit
Done. Ready to run pacstrapit
:
./pacstrapit
With logging:
./pacstrapit 2>&1 | tee pacstrapit.log
If the script exits with an error, it's best to reboot and start fresh.
Before setting _ssh
to 1
...
On the control machine:
Make keys directory.
$ mkdir -p ~/keys
Generate ssh keys.
$ ssh-keygen -t ed25519 -b 521 -f ~/keys/id_ed25519
Get Electrum.
$ cd && curl -k https://codeload.github.com/spesmilo/{electrum}/{tar.gz}/{${_electrum_version}} -o "#1-#3.#2"
$ tar xvzf electrum-${_electrum_version}.tar.gz
$ cd electrum-${_electrum_version}
$ find . -type f -print0 | xargs -0 sed -i 's#/usr/bin/python#/usr/bin/python2#g'
$ find . -type f -print0 | xargs -0 sed -i 's#/usr/bin/env python#/usr/bin/env python2#g'
Pick an Electrum address for signing.
$ address_for_signing=$(./electrum listaddresses | sed -n '2p' | tr -d '[:punct:]' | awk '{print $1}')
$ echo ${address_for_signing} > ~/keys/electrum.pub
$ ./electrum signmessage ${address_for_signing} "$(cat ~/keys/id_ed25519.pub)" > ~/keys/id_ed25519.pub.sig
Upload id_ed25519.pub
, id_ed25519.pub.sig
and electrum.pub
to
GitHub, or any other file hosting service reachable via curl
.
Record the exact URL for each keyfile inside the variables section of
pacstrapit
.
This is free and unencumbered public domain software. For more information, see http://unlicense.org/ or the accompanying UNLICENSE file.